authorboris <wzn@moneybot.cc>2018-12-27 22:42:05 +1300
committerboris <wzn@moneybot.cc>2018-12-27 22:42:05 +1300
commit0c194bc8046cb3ecb4e4d0577f36a1d3bde58d11 (patch)
treec27c5e71dba4db816cd9ad601a997b974377187e /csgo-loader/csgo-client/Security/RuntimeSecurity.hpp
parent45adf172a76fc46ca6ca10e17fd534d4f35896c0 (diff)
bap
Diffstat (limited to 'csgo-loader/csgo-client/Security/RuntimeSecurity.hpp')
-rw-r--r--csgo-loader/csgo-client/Security/RuntimeSecurity.hpp88
1 files changed, 88 insertions, 0 deletions
diff --git a/csgo-loader/csgo-client/Security/RuntimeSecurity.hpp b/csgo-loader/csgo-client/Security/RuntimeSecurity.hpp
new file mode 100644
index 0000000..77ec94c
--- /dev/null
+++ b/csgo-loader/csgo-client/Security/RuntimeSecurity.hpp
@@ -0,0 +1,88 @@
+#pragma once
+
+// std::unique_ptr
+#include <memory>
+
+// Intrinsics (_ReturnAddress)
+#include <intrin.h>
+
+// Required for the SDK from Themida which offers multiple
+// virtual machines and string encryption, as well as debug/VM checks.
+#include <ThemidaSDK.h>
+
+// Required for MinHook.
+#include <MinHook.h>
+#pragma comment(lib, "MinHook.lib")
+
+// Used for wrapping Themida's macros along with some other things.
+// e.g: WRAP_IF_RELEASE( VM_SHARK_BLACK_START ) will only trigger in Release mode.
+// Likewise, WRAP_IF_DEBUG( printf( "Error: %08x", GetLastError() ) ) will only
+// trigger in Debug mode.
+// Just a neat little feature that I decided to implement :-)
+#ifdef DEBUG
+ #define WRAP_IF_RELEASE( s )
+ #define WRAP_IF_DEBUG( s ) { s; }
+#else
+ #define WRAP_IF_RELEASE( s ) { s; }
+ #define WRAP_IF_DEBUG( s )
+
+ // Link against Themida's SecureEngine.
+ #pragma comment(lib, "SecureEngine.lib")
+#endif
+
+namespace Security
+{
+ // Hardware ID structure (this is hashed and sent to server, but it's easier to use it
+ // this way internally)
+ struct HardwareIdentifier
+ {
+ // Generic CPU information.
+ uint16_t m_CpuArchitecture;
+ uint32_t m_CpuCount;
+
+ // String-literal - contains list of CPU features.
+ char m_CpuFeatures[64];
+
+ // Hash of the hard disk serial identifier.
+ uint32_t m_HardDiskSerialHash;
+ };
+
+ // This class implements the runtime security system.
+ // In short, upon initialization, the system applies detours to numerous API functions
+ // which will be checked for integrity every time they are called.
+ // Also, a few threads are dispatched in the process in order to ensure that there are no
+ // forbidden programs/conditions being triggered.
+ // The class has an (inlined) security callback which can be used to phone home and infract/ban
+ // any potentially malicious actions from users.
+ class RuntimeSecurity
+ {
+ protected:
+ // Applies necessary API hooks.
+ void ApplyApiHooks_Internal();
+
+ // Patches common debugging functions to crash the program.
+ void PatchDebugFunctions_Internal();
+
+ // Dispatches security threads.
+ void DispatchSecurityThreads_Internal();
+
+ // The following functions are used in security threads to run checks.
+ bool CheckForVirtualMachine_Internal();
+
+ bool CheckForDebugger_Internal();
+
+ bool CheckForApiHooks_Internal();
+
+ public:
+ // Initializes the runtime security system.
+ bool Start();
+
+ // Retrieves the current Hardware ID for the system.
+
+ };
+
+ // Readability
+ using RuntimeSecurityPtr = std::unique_ptr<RuntimeSecurity>;
+}
+
+extern Security::RuntimeSecurityPtr Protection;
\ No newline at end of file
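Review bot: The `#ifdef DEBUG` guard around the WRAP_IF_* macros tests a symbol that MSVC does not define on its own (its Debug configurations define `_DEBUG`, and this header looks MSVC-targeted given `<intrin.h>` and `#pragma comment(lib, ...)`). Unless the project sets `DEBUG` in its build settings, every build takes the `#else` branch, so WRAP_IF_DEBUG diagnostics are compiled out and SecureEngine.lib is linked even in Debug; consider `#if defined(DEBUG) || defined(_DEBUG)`. The macros expand to `{ s; }` or to nothing, which breaks an unbraced `if (...) WRAP_IF_DEBUG( x ); else ...`; `#define WRAP_IF_DEBUG( s ) do { s; } while (0)` with `((void)0)` for the disabled side is safer. HardwareIdentifier uses `uint16_t`/`uint32_t` without `#include <cstdint>`, so the header only compiles if another include happens to pull those types in. The comment `// Retrieves the current Hardware ID for the system.` under `public:` has no declaration after it, so either add the accessor or drop the comment.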